Recently active topics

Problem OverviewHow much could I save on my Cisco support renewal, if I could just tell what devices are ‘over-licensed’?That is a question that one of my customers was struggling with.  Trying to answer this kind of question is very difficult if you have a large estate of switches that has been deployed over time.  To complicate things, there are also various generations of Nexus switches and a number of licensing models and names.  It is all very confusing.This script hopefully gives you the ability to answer this question, and in addition it calculates a  🚨 potential cost saving 🚨 based on licence prices you enter at the start.The result of this script is a report that looks like this:  If that has got you interested, read on! Cisco NXOS LicensesIn terms of licensing, Nexus mainly breaks down into two license types - a switching-only license and a dynamic routing license.  Depending on the model of Nexus, this will be ESSENTIALS (switching) / ADVANTAGE (routing/switching), or it m

   In the latest release, Forward Networks significantly optimized the CVE (vulnerability) experience—both in performance and in how engineers investigate exposure and risk across their network. The changes focus on faster load times, clearer filtering, and more actionable context when you’re analyzing which devices  Clickable Risk Metrics with Live FilteringThe high-level CVE widgets (e.g., “devices receiving traffic from the Internet,” “known exploited,” “unconfirmed vulnerabilities”) are now fully interactive. Clicking any of these automatically applies the corresponding filters to the device and CVE tables, instantly narrowing the view to what actually matters.Those filters also persist when you drill down into CVE detail pages, so your investigative context is never lost.  Unified CVE View Across Multiple VendorsInstead of duplicating the same CVE multiple times (once per vendor), a single CVE entry now shows all affected vendors and platforms together—for example, Juniper, Cisco,

Ready to put your network skills to the test? Compete in the Forward Quest Capture-the-Flag challenge at Cisco Live in Amsterdam! We’ll have multiple daily competitions and the overall winner each day will take home a pair of Airpods Pro 3 that feature Live Translation. Join us February 9–12, at RAI Amsterdam (Booth D01), and compete against other network professionals to solve real-world network scenarios with speed and accuracy. Register for a date and time to compete at https://forwardquest.live/ using your Forward Community username and password, then stop by the booth to jump into the challenge and climb the leaderboard. You can compete in one competition per day. Each day, the top performer will take home a pair of AirPods Pro 3! Where: Cisco Live EMEA, RAI Amsterdam (Booth D01)When: February 9-12, 2026Register for a time to complete: https://forwardquest.live/ See you in Amsterdam!

New in 26.1, Forward now supports Dark Mode across the entire application, providing a consistent, high-contrast experience in all major areas of the product, including dashboards, topology views, and the NQE/code editor.  Users can choose between Light Mode, Dark Mode, or an Auto setting that follows their operating system theme. This preference is saved at the user level, so your experience stays consistent across sessions and devices. The latest release also improves text contrast to enhance readability in low-light environments. Dark Mode is useful in several common operating scenarios: Network Operations Centers (NOCs)Large wall displays running Forward dashboards for long periods benefit from Dark Mode by reducing glare and eye strain, making KPIs, alerts, and topology changes easier to monitor around the clock. Low-light or “dark office” environmentsFor teams working evening shifts, on-call rotations, or in dimly lit rooms, Dark Mode provides a more comfortable viewing experienc

Hi team, I am new to the forward networks enterprise solutions and recently facing some issues in the application. I have set of network devices with different vendors (Cisco, Fortinet, huwawei, F5, etc) in my workspace with application version 25.11 and have configured a daily snapshot collection schedule. Recently I observed the snapshots are not been collected fornthe last 2 days and  tried to find the cause, I see there is a timeout error popping up for all my network devices under the workspace. I tried to check what are the devices added in last 2 days under Diffs section by comparing the  last successful snapshots versus last failed snapshot to narrow down the issue thinking any dew device  added might have caused the issue due to modelling errors but couldn't find any devices newly added. Since I have 800+ devices I am not able to narrow down the issue and reached out to support for assistance and awaiting reply. Meanwhile, I thought to post this issue/behavior here to see if a

 If you’ve worked in networking long enough, you’ve probably taken down production at least once. I know I have. That’s why I believe in introducing a little controlled chaos—not to be reckless, but to build resilience and make sure we never walk out of a change window with a broken network. Most of my career has been on the data center side, with years of Cisco and CLI habits that never really go away. I’ve always relied on baselining, validation, and proving intent before and after every change. Now I’m applying that same mindset to AWS networking, where you can’t just SSH into a box and run your favorite show commands, but the need for confidence in how the network will behave is just as critical. 1. Get your bearings with a real network viewBefore I touch anything, I need situational awareness. In the data center, that meant topology diagrams, routing tables, and a mental model of how packets actually flow. In the cloud, if you don’t deliberately build that picture, you’re flying b

Curious about AWS but not sure where to start? In this step-by-step walkthrough, I’ll show how to set up your own AWS Free Tier account, configure billing safeguards, and follow best practices for security and user management. Whether you’re preparing for certifications or just experimenting with cloud services, this guide will help you get started with confidence.   Cloud infrastructure has become essential in today’s IT landscape, and gaining hands-on experience with AWS (Amazon Web Services) is a valuable step for any engineer. The AWS Free Tier allows you to experiment with building, using, and tearing down AWS services at little to no cost—an excellent way to learn without breaking the budget.In this article, I’ll walk you through: Why you might want to create an AWS Free Tier account How to set one up safely Best practices for billing, security, and user management How to clean up or close your account when you’re done  Why Use AWS Free Tier?Creating your own AWS Free Tier

The CISA advisory AA25‑239A details a sophisticated espionage campaign attributed to Chinese state-sponsored actors, collectively referred to as Salt Typhoon. Why Does Salt Typhoon Matter?These actors are targeting vulnerable network infrastructure — including routers and switches — to gain initial access, persist in the environment, move laterally, and exfiltrate sensitive data. In an earlier post we described how to counter initial access from Salt Typhoon actors. In this post we will look closer at one of  key tactics in this campaign, which involves abuse of the GuestShell feature available on certain Cisco platforms. What is GuestShell?GuestShell is a containerized Linux environment embedded within certain Cisco devices (e.g., IOS XE). It allows administrators — or, in the wrong hands, attackers — to run Linux commands and applications directly on the device.  Since the activity within a virtual container is monitored less closely than native operations on switches and routers, cu

I have raised a support case for this as well, but I was wondering if anyone had seen it when you see different behavior when running a query in the library versus verify.I have created a query to display the vxlan address table, and when run in Verify the result shows 0 however when executed int he library it produces the complete list of passed entries as expected.The Query will always pass and has been added to verify so we can do a diff check on the VXLAN Address table during changes as requested by the engineers.Has anyone else experienced this, or got any suggestions on how to address this.Results from execution in Verify:Results from execution in Library (Sanitized): Code from Script:/** * @intent Display the Mac Address List for VXLAN * @description Will display the VXLAN mac address list and set the violation to false. */import "library/Arista Library";foreach device in network.deviceswhere device.platform.os == OS.ARISTA_EOSlet vxlanTables = vxlanTable(device)foreach item in

Here is a useful combination of a custom command and an NQE query to show the state of all OSPF neighbors.OSPF data is not collected by default in Forward Enterprise, so we add the custom command "sh ip ospf neighbor"Output data for this command from one device looks like this:Command: sh ip ospf neighborNeighbor ID     Pri   State           Dead Time   Address         Interface10.200.30.42      0   FULL/  -        00:00:35    10.45.6.1    GigE1/0/010.200.30.42      0   FULL/  -        00:00:32    10.45.6.2    GigE1/0/110.200.30.42      0   FULL/  -        00:00:35    10.45.6.3    GigE1/0/210.200.30.42      0   FULL/  -        00:00:31    10.45.6.4    GigE1/0/310.10.10.200      1   FULL/BDR        00:00:03    10.45.6.5    Vlan200This NQE query will list the OSPF neighbors from all devices by parsing the data from the custom command./** * @intent Show OSPF neighbors on all devices collected with custom command 'sh ip ospf neighbor' * @description Show OSPF neighbors on all devices colle

Just putting this up in case anyone has a similar requirement.  When we collect ‘show running-config’ from an F5, much of the SNMP configuration is left out.  If you need this info you need to define a custom collection group and issue the command show running-config all-properties to get the additional lines of config.Once you have collected this new information, you can match on a pattern like this: f5SnmpLocationPattern = ```sys snmp  sys-location {location:string}```; 

Manually auditing DNS configuration across a large network is slow, tedious, and error-prone. Engineers are often forced to comb through thousands of lines of device configuration to confirm that every router, firewall, and switch is pointing to the correct name servers. By the time the audit is complete, parts of the network may already be out of compliance again. With Forward Networks’ Network Query Engine (NQE), this kind of validation can be automated and continuously enforced using a simple, declarative query that evaluates the entire network model at once. Why this mattersDNS is a foundational service. A single misconfigured device can: Break application connectivity Bypass security monitoring by resolving through an untrusted resolver Violate regulatory or internal policy that mandates use of controlled DNS infrastructure  What this NQE checksThis query verifies that every monitored device is configured with the approved internal DNS servers—and only those servers.In this ex

Using the MLAG_INTERFACE_STATE output that is already provided we will check the interface state in relation to all MLAG configured interfaces, this will warn if their is less than 24 hours since the last state change.To violate the following must occur.The state is not “active-full”The Oper State of the interfaces on the local and remote device is not “up/up”The configuration state is not “ena/ena”/** * @intent Report on the MLAG Interface State * @description Using the show mlag interface detail command which is in commandType MLAG_INTERFACE_STATE * the data is retrieved by calling mlagTable within the arista library. This will violate if the interface * state does not match the expected results. */ //show mlag interfaces detail.mlagInterfaces = ``` local/remote mlag state local remote oper config last change changes-------

This query takes the rather limited show mlag config-sanity command from an arista switch and generates a violation if it does not match the output below.switch#show mlag config-sanityNo global configuration inconsistencies found.No per interface configuration inconsistencies found.The query identifies each line of the output and then creates two variables globalConfig  and interfaceConfig, interfaceConfig is identified by check if interface exists in the line. I am only expecting two lines therefore both variables once set won’t be added to.   Watch this space if this changes I will update the query.As in my previous queries I have included the extract that is in my “Arista Library” into the query for simplicity.Finally there maybe a better way to do this as I had some fun and games getting this one to work so any feedback is gratefully appreciated./** * @intent Mlag Config Sanity Checks * @description Using the Arista Library we will check the configuration Sanity, there are only two

This NQE uses the show mlag detail command which all that it should be in command.type of MLAG_STATE it did not appear so I added it as a custom command and will violate if the following occur:What I alert on:Mlag state is not AcitveNegotiate Status is not connectedPeer Config is not ConsistentPeer Link and/or local interface are not upIf both the local and peer device are both primary or both secondary admittedly the latter may be impossible but though of capturing it just in case Peer Link is error disabled.If the Agent is not showing as ruinning.What we warn on:We will also Warn on the following:If there any ports disabled, Inactive or Active PartialIf the number of port disabled, inactive or Active partial is the same as the total number of ports configured. /** * @intent Check the MLAG status * @description Using the AristaMLAGDetail function in the Arista Library check to verify the status is as expected * * This query also uses the violationProcessing function from the Utilitie

Using the “show vxlan config-sanity detail” command as a custom command we have a built a query that enables you to verify your vxlan configuration based on the “Result” field being anything other than “OK”, if you wish to accept warnings then simply adjust the relevant if statement in the “AristaVxLanSanity” section of this script./** * @intent Report on the Sanity of VXLAN configuration * @description Using the AristaVxlanSanity module of the Arista Library we will report any vxlan * configuration failures by category per device using the default assumptions of the Module * from the library */AristaVxlanSanity(device: Device) =foreach command in device.outputs.commands where command.commandText == "show vxlan config-sanity detail" //Retrieve only the command show vxlan config-sanity detail let deviceName = device.name let vxlanResponse = command.response let parsed = parseConfigBlocks(OS.UNKNOWN, vxlanResponse) foreach line in parsed foreach child in line.children

I’m curious to hear how different teams are using Forward Networks in their day-to-day workflows. Whether it’s for network visibility, change validation, security analysis, or troubleshooting, I’d love to learn what’s working best for you. Which features do you rely on the most? Have you integrated Forward Networks into your change management or automation processes? Any tips or lessons learned that could help others in the community? Looking forward to hearing real-world experiences and best practices from the community.